[PATCH] pdb_ldap: Use lp_ldap_group_suffix
obnox at samba.org
Mon Jul 9 15:20:00 MDT 2012
Christof Schmitt wrote:
> The current code in pdb_ldap uses the generic ldap_suffix for all
> queries on the LDAP server. With this approach, the LDAP server
> has to look at all user, machine and group records for all
> queries. The attached patch changes the group queries to use the
> lp_ldap_group_suffix instead.
> I tried to also do the same for user and machine records, but
> user and machine records can use different suffixes and there is
> no easy way to distinguish between them. Querying both suffixes,
> user and machine, would defeat the goal of reducing the load on
> the LDAP server, so this patch only uses the group suffix.
Well, this is essentially the revert of
"Fix bug #6431 - local groups from 3.0 setups no longer found."
(Search for groups without group suffix, group suffix is only
used for new entries.)
So we can't simply revert that if we still want to
support older installations.
We could force the use of some form of "upgrade-provision" for
Or we could add another option that triggers this use of the
More options? What do others think?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 206 bytes
Desc: not available
More information about the samba-technical